Ports being blocked in 4.50 Beta 10/9 of FLINT router

So I’ve been trying to figure out why my OOMA Telo VOIP Adapter worked without issue in all versions of the FLINT Firmware right through 4.46 but in 4.50 Firmware (All tested) my OOMA Telo VOIP Adapter will not make or receive calls…

I just tested ports being blocked using the built in Port Scanner in the OOMA Telo to see what ports are being blocked on the FLINT Router…I did one scan with the 4.46 firmware and then one with the 4.50 firmware…
As you can see the amount of ports reported blocked in 4.50 firmware is huge and is most likely the cause of the OOMA Telo not working with the FLINT 4.50 firmware.

Ports blocked with 4.46 Firmware
PortsBlockedwith4.46Firmware

Ports blocked with 4.50 Firmware

It’s for this reason I have not purchased a FLINT 2…Do you mean to be blocking all these ports in
firmware version 4.50??

Can you not just open the ports in the router settings and be happy that security came first?

shivadow,

I tried that yesterday…Opened all the ports that had been listed as denied in the 4.50 firmware…After I had opened all those ports and confirmed I rebooted everything (Router and OOMA VOIP Adapter)…I then checked again with the OOMA VOIP Adapter’s Scan Ports Utility…And guess what? The ports were still blocked. So manually opening the ports on the router did not work. The scan utility still listed them as denied.
I went back to firmware 4.46 and everything (Ports and connection) returned to normal. I have not ordered a FLINT 2 as GL.Inet appears to be going down a path that is not good for Home Users like me. (With normal HOME applications and devices)…I’ve ordered a new model ASUS Router (With Wireguard) to replace the FLINT Router as I don’t see much future in it unless I wanted to run 3rd party OpenWRT firmware on the FLINT.

Did you try DMZ? :thinking:. May it works

Yeah I’m not putting it in the DMZ…
It’s not a big deal…Companies decide to change course for whatever reason…
I had fully intended to upgrade to the FLINT2…But since it’s based on 4.50 firmware
and that is proving to be incompatible with my network devices I just have to move along…It’s not like GL.iNet routers are the only game in town…If they work for you and all your network configuration then great…They’re just no longer compatible with my equipment (Since my phone system relies on the OOMA device)…So i’m moving elsewhere…Funny as I was just stating how much the FLINT was so much better in some regards than other options especially for the price…Guess I should have kept my mouth shut…

Yeah I understand you. But it’s very strange it blocks the UDP ports now, maybe it’s really a bug, or something related with the new Full Cone NAT function

I only have 4.4.5 and just about to flash 4.4.6 so my regional firmware isn’t that advanced. Therefore I’m unable to test.

I have to agree with you about glinet not being for the average user and it makes you kind of appreciate how easy to use mainstream manufacturers make their software… But that said the reasons I need them are reliability and so far these routers are excellent “if you leave them alone” but if you start to play with stuff you don’t know what it does then within seconds you’ll find yourself the proud owner of a router shaped paperweight. Something to keep the shelf clear of dust…

The gli app leaves a lot to be desired with limited control over the devices but the cloud service is a godsend especially because it’s free in a forever pay as you go world…

Would I upgrade my devices and stick with gli going forward? Probably yes. Just because it’s nice it has all those options but it doesn’t mean I’d have to use them. It’s the same as carrying a condom… Better to have one and not need it than to need it and not have one…

My understanding is that Ooma and other VoIP services only use the ports for outbound traffic, none of which should be blocked on the GL.iNet routers.

The outbound traffic is to register and establish a connection between the client device to the VoIP server for 2-way communication. There may be a timeout interval after which the client has to register again with the server (something like a DHCP IP address).

I use VoiP through an Asus router. On an Asus router, make sure you enable the WAN - NAT passthrough settings.

I do not work for and I am not directly associated with GL.iNet

I can assure you that I’ve attempted every possible workaround with 4.50 firmware with the OOMA Telo…Not working…This the first firmware (3.x and 4.x) that the OOMA has not worked with…As I showed the OOMA port scanner shows LOTS of denied ports with the 4.50 firmware compared to only one denied port with the 4.46 firmware. The reason for the OOMA not working (OOMA network shows connected but phones will not ring on incoming or outgoing) I cannot definitely say what the issue is but it certainly looks port related. But who knows…4.50 is doing so many changes who knows what it might be (KMWAN??)…
Anyway it doesn’t matter…I’ve messed around with it enough…4.50 simply not working with the OOMA Telo so I have a Asus (RT-AX86u Pro) arriving next week. I was really looking forward to the FLINT2 but not ordering that with the trouble that 4.50 firmware has caused me. Thanks for the tip on the WAN-NAT passthrough settings for ASUS.

In snapshot 4.5.0 there is extra NAT settings.
Can you try these options?

Those were some of the first things I tried…Did not make a difference.

OK…Today I spent significant time testing with openwrt-ax1800-4.5.0-1019-1697723253.tar which is the Release 2 dated from 10/19.
Screenshot 2023-10-22 161119

What I decided to try first was just loading the new firmware and not keeping any settings…After the upgrade and confirmed I was on the new firmware…I set the TimeZone and nothing else…I then tested to see if I could make a call with the OOMA Telo VOIP device…I could. I could make and receive calls without issue. OK…Now to start configuring manually settings one by one and testing. The OOMA Telo continued to be able to make and receive calls. NOW…Let’s try adding VPN back in…I configured both OpenVPN and Wireguard Connections. I made sure to set the VPN Policy based on CLIENT DEVICE and I made sure to have the OOMA Telo MAC ADDRESS was set to NOT use the VPN. First thing I tested was WIREGUARD…Can I make a call?..NO!!! Once the Wireguard client was enabled calls would not go through (Outgoing or Incoming) even though the OOMA Telo MAC Address was set to not use the VPN…OK…Let me disable Wireguard Client. I found I had to reboot the OOMA Telo in order to be able to make and receive calls again after the Wireguard Client had been disabled. I then tested the OPENVPN Client…Will it make and receive calls with OpenVPN? NO…Once the OpenVpn Client was enabled I could not make or receive calls. I had to disable the VPN client and then reboot the OOMA. Once the OOMA was rebooted I could make and receive calls again but ONLY WITH NO VPNs ENABLED on the FLINT router. So with the openwrt-ax1800-4.5.0-1019-1697723253.tar Release 2 dated 10/19 Firmware the OOMA Telo will make and receive calls but ONLY with No VPNs Enabled. Hope this helps.
(Back on Firmware 4.46 and everything works as it should).

So you mean with vpn, your OOMA Telo cannot make calls in firmware 4.5.0, but not in firmware 4.4.6, right?

That seems a problem of default vpn firewall settings.

Have you enabled this option - “Remote Access LAN”?

Correct…In 4.46 Firmware I can have VPN ON and the OOMA Telo works (With VPN Based on CLIENT DEVICE) and the VPN Policy saying not to use the VPN with the OOMA Telo MAC Address.

In 4.50 Firmware having the VPN ON kills the OOMA TELO VOIP.

I just tested it again…I upgraded from a working 4.46 to 4.50…It immediately killed the working OOMA Telo VOIP…I checked those settings and IP Maserquerading was ON…But Remote LAN was OFF…I turned REMOTE LAN to ON and Applied…And the OOMA Telo VOIP was still not working in 4.50…I rebooted the OOMA Telo just to make sure…Once the OOMA Telo was fully rebooted and the OOMA Network was connected I tested again and the OOMA Telo VOIP still would not work…
So having the VPN Enabled in 4.50 stops the OOMA Telo VOIP from working whether you have the Remote Access LAN On or Off…BTW if you turn Off the IP Masquerading that kills the Internet Connection entirely.

(Back to working OOMA Telo VOIP in 4.46 Firmware)

Yeah that’s odd. I think the fact you’ve brought it up, hopefully in the stable release it can be addessed.

Well I’m doing this so they can hopefully correct the problem before the FLINT2 release.

All the feedback helps… and thats the point of beta programs :slight_smile:

1 Like

Just downloaded and installed openwrt-ax1800-4.5.0-1024-1698077407.tar Beta 2 just released. I had high hopes on this after I saw you had redone the VPN Policy. Installed and waited for the OOMA Telo to sync up.
Once it did I tried making calls…SUCCESS…I can once again make and receive calls. So it must have been ignoring my VPN Policy telling it to not have the OOMA Telo go through the VPN…Now it appears to be working correctly. And OOMA Port Scan shows only the one port blocked like it did on Firmware 4.46.
Screenshot 2023-10-23 195848

Screenshot 2023-10-23 200128

4 Likes

Great result must be happy

Indeed…Right after I found that they had corrected the problem in the 4.5 Firmware for the Flint I went ahead and ordered the FLINT2…I hope they remember to incorporate the fix in the firmware for the Flint2…